`hg-ssh` execution as hg user fails

[sschwarzer]

A friend of mine and I tried your container setup and ran into the problem that we weren't able to "log in" as hg. As it turned out, the file ms/src/mercurialserver/refreshauth.py (in line 56) creates an entry in hg's authorized_keys that has a command "hg-ssh <keyfile>". However, according to the hg-ssh manpage, hg-ssh takes a list of repository paths as arguments (e. g. from the manpage command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4").

After changing refreshauth.py to generate the command hg-ssh ~/repos/* the command execution still didn't work. However, it did after changing the base image of Alpine Linux to the current version 3.10.3 and using the hg-ssh installed with the Mercurial version 4.9.1. Alpine Linux 3.8, as currently listed in the Dockerfile on master, has Mercurial 4.6.1. We weren't able to find hg-ssh in the installed Mercurial 4.6.1.

Caveats:

• It's not clear to me why the version of hg-ssh on master didn't work even after changing refreshauth.py. Possibly this used to work.

• The command hg-ssh ~/repos/* allows access to all currently existing repositories, but it isn't possible to create new repositories that way. It depends on the intentions of the admin installing the container image whether this is wanted or not.

I'm going to enter a pull request since we already fixed the problem in our clone and everything seems to work fine now on our side.

[sschwarzer]

Regarding the first caveat, I suspect that the hg-ssh contained in mercurial-server isn't compatible with the newer Mercurial version from the Alpine image. (hg-ssh imports modules from the Mercurial package.)